Forum Discussion

Luiz_Guimaraes_'s avatar
Luiz_Guimaraes_
Icon for Nimbostratus rankNimbostratus
May 24, 2017

Access allowed when it should be denied

Hi guys

 

I'm implementing APM in a customer environment and now we caught in a problem that the customer has an URL that I use APM to authenticate and then check the group, if the group is approved the access will be permitted. It's working as expected too. But, if another user try to log in to the application using the same machine the access is allowed even the user isn't inside the permitted group.

 

Is possible to check this again ?

 

 

access security
activedirectory ad authentication policy access
APM
application delivery
LTM
security

2 Replies

Sort By
  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    May 25, 2017

    Strange. APM uses session based cookies. When successfully authenticated it is limited to the scope of a specific browser session. What happens if you open different browser types (IE, Firefox, Chrome) and login to APM? The expected behavior would be that you have to login once for each browser.

     

  • Luiz_Guimaraes_'s avatar
    Luiz_Guimaraes_
    Icon for Nimbostratus rankNimbostratus
    May 25, 2017

    Hi Niels, I did it and works fine. But the problem still persist when I call another URI in the same HTTP_HOST using the same browser. Someone said that I need to configure V2V (Virtual-to-Virtual) using 1 VIP LTM with iRule redirecting to the other virtual.

     

    My irule has a switch statement and its works as expected, but when it goes to redirect to the /my.policy to authenticate, the traffic is denied because the iRule is validated again and the new URI is not defined there.

     

    Do you have any suggestion?

     

    Tks

     

    Luiz